iPhone Security: Lightning Cables that can steal your Passwords
Share:

Apparently, malware and hackers are not the only real threats against your passwords. Right now, Lightning Cables can steal them too...

The news

The OMG Cable is virtually identical to any other Lightning Cable, except for a hidden data-stealing chip. Vice reported that it is difficult to distinguish the OMG cable from the Lightning cable, as they almost look the same. When connected to an iPhone, iPad, or MacBook, the cable logs keystrokes (more commonly known as KEYLOGGER: a program that can remember all the keys typed using your keyboard. This includes typed passwords for baking apps, chats you're doing with your friends via WhatsApp, and even the personal information you type and save in MEMO or other text apps!).

The cable then transmits the data to the hacker, who may be miles away. The hacker creates a Wi-Fi hotspot and then uses a web application to record keystrokes which can be used for various purposes.

The Lightning-like OMG Cable also has a geofencing feature that, when activated, can block payloads from the device based on its location. This prevents accidental keystroke leakage from other devices. The cable can also be used to change the keyboard mapping or build the identity of USB devices.

A tiny chip embedded in the cables makes all of these features possible. The worst thing is that the OMG cables are almost identical in size to the original Lightning cables. As part of penetration testing tools, the OMG cables were created by security researcher "MG". The cables are now in mass production and will be sold to cybersecurity vendor HaK5. The cables pose a threat to the average user, as well as the data they contain.

A detailed take on the news

It's a malicious Lightning cable created by self-taught security researcher MG. It looks exactly like the ordinary, expensive piece of wire that connects your iPhone to a PC. However, it contains a small Wi-Fi transceiver, which can be used as an access point or client. An attacker can use the cable to access the victim's computer from a radio distance.

An attacker could access the OMG cable up to 100m using Wi-Fi from a regular telephone. A booster antenna attached to your phone or computer could allow a connection even further.

What can a hacker do with OMG cable?

Intercepting lock screen passwords

LockScream, a Mac-specific exploit that intercepts the user's lock screen password, is one of the most intriguing. To distract the victim from their Mac, the attacker sends a standard text message and then sends the LockScream payload. This executes in a terminal window and password-locks the screen.

LockScream will send the attacker's password back to their phone when they look up from the phone. The attacker can then send a second-stage payment load to unlock the machine while the user is away. This would come in handy if the attacker left the machine on.

The OMG app opens a menu that includes a variety of payloads, including opening a Terminal on the victim's computer. An attacker can remotely disable the OMG Cable's functionality, possibly to cover your tracks following an attack. The OMG cable also offers other benefits, such as the ability to reset the computer and to link payloads together.

Custom payloads

Duckyscript, the scripting language used in the Rubber Ducky offensive USB flash stick, has an editor and parser. This acts as a virtual keyboard that launches keystroke injection attacks and acts as a virtual keyboard. This alone allows for a variety of custom payloads to be added to the OMG cable. Attack payloads are also available for Ubuntu and Windows systems.

How to save yourself from these attacks?

  • Be cautious of cable deals that appear to be too good to be true.
  • In public locations, never leave your luggage or computer unattended.
  • Keep your wires secure and identifiable by marking them in some way.
  • When utilizing other people's cables and chargers, be cautious.
  • Always buy a new cable either directly from Apple or from a trusted third-party manufacturer such as Portronics.

Conclusion, how to identify genuine iPhone lightning cable.

Hackers won't stop; they will always find a way to target a person and steal their information. What's important is that we stay out of these attacks. There is always a way in and out. So, I'm telling you not to panic after hearing this news.

>>Don't trade your data in exchange for a discounted lightning cable!

Don't go for a product by just seeing its price and features. Just be sure if it is trustworthy or not. These OMG cables are cheap compared to other cables. So, people choose them over cables as they offer the same features at a lower cost, unlike other cables. This is where you are getting the whole thing wrong. So, buy products from a trustworthy place or a trustworthy service.


If you find this article helpful, remember not to give it a thumbs up and share it with your friends and family. This was all for today. We will be back with another exciting topic. Until then, stay tuned.